
Prepared for: Acme Corporation

December 1st, 2018

SAMPLE REPORT

SAMPLE HEALTH CHECK REVIEW


absolute.com

SAMPLE HEALTH CHECK REVIEW: PREPARED FOR ACME CORPORATION – DECEMBER 1ST, 2018


COPYRIGHT

© Copyright 2018 Absolute. All Rights Reserved. This is unpublished material and contains confidential information and is subject to a confidentiality agreement. The unauthorized possession, use, reproduction, distribution, display, or disclosure of this material or the information contained herein is prohibited.

The methodologies and processes used in the conduct of this engagement are considered proprietary intellectual property of Absolute, and may not be disclosed without written permission from Absolute. Absolute authorizes you to copy this report for the purposes of disseminating information within your organization or any regulatory agency.

CONFIDENTIALITY

This document contains confidential information of a proprietary and sensitive nature. As such this document should be afforded the security and handling precautions that a confidential document warrants. This document should have a controlled distribution to relevant parties only, and should not be copied without written permission.

Absolute treats the contents of any deliverable as confidential material, and will not disclose the contents of this document to anyone without written permission.


TABLE OF CONTENTS

EXECUTIVE SUMMARY
BACKGROUND
SUMMARY
DASHBOARD
RECOMMENDATIONS FROM ANALYSIS
ACCOUNT USERS
ACCOUNT USERS – AUTO-SUSPEND
REGULATORY REQUIREMENTS
NETWORK
PHYSICAL LOCATION
OPERATING SYSTEMS
DEVICE DETAILS
END OF LIFE PROCESS
DEVICE NAMING CONVENTION
SYSTEM PROTECTION – ENCRYPTION
SYSTEM PROTECTION – ANTI-VIRUS/ANTI-MALWARE
SYSTEM PROTECTION – SCCM – SYSTEM MANAGEMENT
SYSTEM PROTECTION – OTHER APPLICATIONS
REPORTING/ALERTS
SECURITY ACTIONS – DATA DELETE
SECURITY ACTIONS – DEVICE FREEZE
SIEM INTEGRATION – SPLUNK
ENDPOINT DATA DISCOVERY
HARDWARE & SOFTWARE REPORTING
GOVERNANCE, RISK & COMPLIANCE (GRC) REPORTING
OPERATING SYSTEMS
ENCRYPTED DEVICES
NON-ENCRYPTED DEVICES
ENDPOINT ANTI-MALWARE STATUS
SCCM HEALTH
REMOTE ACCESS APPLICATIONS
CLOUD SHARING APPLICATIONS
PEER-TO-PEER APPLICATIONS
CONCLUSIONS ABOUT ACCOUNT HEALTH


EXECUTIVE SUMMARY

BACKGROUND

ACME Corporation contracted Absolute Professional Services (Absolute) for Health Check services for the Absolute clients at ACME. ACME requested these Health Check services in order to get an independent report into the health of their Absolute implementation.

Absolute recommended the following goals:

• Address open issues

• Schedule report status call

• Demonstrate new features

• Identify issues or configuration improvements

SUMMARY

The following activities have been completed so far:

• Introductory kick-off meeting on August 1, 2018

• Phase 1 Investigation webex/call on August 8, 2018 to gather data and review Absolute console current setup / configuration.

• Target completion date set for September 15, 2018


DASHBOARD

ASSESSMENT CATEGORY COUNT

# of Absolute Licenses 4,051

# of installed Absolute Agents 3,679

% active in past 90 days 64%

# of open support issues 5

# of resolved support issues 160

# of Data Deletes 9

# of Device Freezes 2


RECOMMENDATIONS FROM ANALYSIS

The following sections contain a summary of the recommendations.

ACCOUNT USERS

Urgency: High

During the Absolute console review, it was seen that ACME has a very high number of users (50) with access to the Absolute console. Access should be restricted to the core team who manage and monitor your assets.

ACCOUNT USERS – AUTO-SUSPEND

Urgency: High

Auto-suspend should be enabled for any inactive users who have not accessed the Absolute console in 30 days. This will help protect the system.

REGULATORY REQUIREMENTS

Urgency: Med

During the phase 1 Absolute console review, the ACME team was not sure which regulatory requirements apply to the business.

Possible compliance issues: if ACME has a medical bay and patient records are stored, HIPAA will apply; if ACME collects customer billing and credit card records, then PCI SSC may apply. These are just 2 possible scenarios where the use of Absolute Data Awareness would provide protection and assist in compliance for ACME.

NETWORK

Urgency: Best Practice

Use a segmented LAN to allow detection of the physical location of devices to building level.

Devices are expected to contact the monitoring center daily; set an alert for any devices that have not called in for a given number of days.

PHYSICAL LOCATION

Urgency: Med

Since ACME devices can communicate from so many locations, alerts for changes in external IP will only be useful for static devices that should not leave a given location. Alerts for changes in internal and external IP can be used to monitor these static devices.

ACME should consider enabling Geolocation and Geo-fences so they can be used to monitor such static devices.

OPERATING SYSTEMS

Urgency: Med

As ACME Windows devices should all be using volume license keys (KMS or MAK), an alert for key change should be set up to detect users violating this policy. Review GRC to see which keys are detected on ACME devices.


DEVICE DETAILS

Urgency: Med

ACME does not lease devices. The device lease fields in Absolute console can be used to track purchase date or deployment date so older devices can be tracked for return before EOL.

END OF LIFE PROCESS

Urgency: High

A review of the asset report shows a lot of old, redundant data for devices that have not called in for a number of years. ACME should modify their EOL process to ensure that all retiring devices have the Absolute agent removed. This will free up the licenses for use on new devices.

Absolute console provides for the bulk removal of the Absolute agent from multiple computers at once; this should be used to remove the redundant devices from the system.

DEVICE NAMING CONVENTION

Urgency: Med

ACME has a standard naming convention. Alerts should be set up to detect devices that do not match the correct convention.

Device name can be used to group devices so that the correct department field can be set.

SYSTEM PROTECTION – ENCRYPTION

Urgency: High

ACME has mandated that Windows laptops be encrypted with ‘BitLocker’ and Mac computers with ‘FileVault’; older devices may also use PGP. The encryption report should be used to discover devices that are not encrypted and where data is at risk.

2453 Non-Encrypted devices.

By leveraging Application Persistence, you can ensure each device has the proper applications installed regardless of network status or device location.

www.absolute.com/en/resources/datasheets/application-persistence

SYSTEM PROTECTION – ANTI-VIRUS/ANTI-MALWARE

Urgency: High

ACME has mandated that McAfee should be used. An alert for missing AV should be enabled.

834 devices missing AV.

By leveraging Application Persistence, you can ensure each device has the proper applications installed regardless of network status or device location.

www.absolute.com/en/resources/datasheets/application-persistence


SYSTEM PROTECTION – SCCM – SYSTEM MANAGEMENT

Urgency: Med

ACME uses SCCM. Absolute console SCCM health reporting is enabled. The SCCM Repair feature should also be enabled.

SCCM Status

OK: 925

Needs attention: 404

Absent: 592

No Indication: 1761

By leveraging Application Persistence, you can ensure each device has the proper applications installed regardless of network status or device location.

www.absolute.com/en/resources/datasheets/application-persistence

SYSTEM PROTECTION – OTHER APPLICATIONS

Urgency: Med

We recommend the creation of a default software policy for mandated and banned software. This will allow alerts and reporting for breaches to ACME’s software policy.

REPORTING/ALERTS

Urgency: Med

The following alerts may be beneficial to improve the quality of the reporting and detection of at-risk devices:

| ID | ALERT NAME | COMMENT | SUSPICION LEVEL |
|---|---|---|---|
| 106862 | Device Rebuild | Absolute agent persistence has been triggered, could indicate device no longer under your control | 3 |
| | Encryption Status Changed | User tampering with encryption, possible policy violation | 3 |
| 106851 | Last call > XX days ago | Device has not called in given number of days, could indicate a lost device not under your control | 1 |
| 106863 | Local IP Address Changed | For static device group - User could be using device in wrong location | 1 |
| 106864 | Major Change | Absolute Persistence self-healing has been triggered, could indicate device no longer under your control | 5 |
| 106857 | Missing Software on Required List | User tampering with device against corporate policy | 1 |
| 106865 | Network Change | For static device group - Both Internal and External IP Changed, device is no longer in the correct location, user could have a device at home | 2 |
| 106854 | New Program File Detected | User is installing software – against company policy | 1 |
| 106866 | Operating System Changed | User is rebuilding device or it is out of your control | 2 |
| 106867 | Operating System Product Key Changed | User is rebuilding device or it is out of your control | 3 |
| 106868 | Public IP Address Changed | For static device group - Device is outside the organization, User is connecting from non-authorized location against company policy | 1 |
| 106869 | Self-Healing Call | Absolute agent persistence has been triggered, could indicate device no longer under your control | 3 |
| | SCCM needs attention | SCCM agent status changed, device needs investigation | 2 |
| 106856 | Software on Banned List | User installing banned software, corporate policy violation | 3 |
| 106870 | Username Changed | Possible device drift inside the company, also check IPs to see if device is still in the organization | 3 |
| 106853 | Warranty Ending | Used to renew, extend warranty or EOL retire device | |
| 106861 | Device Name Changed | Could indicate a user is misusing the device or it is no longer under your control | 3 |


SECURITY ACTIONS – DATA DELETE

Status: Best Practice

We recommend creating pre-configured Data Delete Policies so the user can save time and simply choose the most relevant policy depending upon the scenario.

“Last Accessed Time Stamp enabled”: this will assist in proving compliance with any required “regulatory requirements”, as the uploaded log from a successful Data Delete action can prove sensitive data was never accessed prior to being remotely deleted from the at-risk device.

Status: Low

Custom Action Fields: these can be created to allow the recording of additional data for Data Delete and Device Freeze actions.

SECURITY ACTIONS – DEVICE FREEZE

Status: High

This feature has not been used since 2017.

We recommend creating pre-configured Device Freeze Messages so the user can save time and simply choose the most relevant message depending upon the scenario.

We also recommend the use of “Offline Device Freeze Policy” for devices that stop calling for a prolonged period of 14 days or longer. This will assist in protecting data on possibly compromised devices.

SIEM INTEGRATION – SPLUNK

Status: Not Implemented

We recommend downloading and setting up the SIEM connector to facilitate the export of Absolute console alerts to Splunk. The alerts, when fed into Splunk, can be used to compare against other data sources. We also have direct integration with RSA Security Analytics, HP ArcSight and other leading SIEM solutions.

ENDPOINT DATA DISCOVERY

Status: Not Enabled

If Data Discovery is part of the feature set for purchased Absolute products, we recommend configuring and activating Data Discovery on a test policy to evaluate its effectiveness. To enable the feature, you must add devices to the applicable Device Policy, and then configure that Policy to enable Data Discovery with the options that you would like to use.

HARDWARE & SOFTWARE REPORTING

Status: Enabled

Test policy has hardware and software detection enabled. We recommend continued evaluation of these beta features.

GOVERNANCE, RISK & COMPLIANCE (GRC) REPORTING

Status: Enabled

This is a monthly automated report already enabled for your account that is sent out by email.


OPERATING SYSTEMS

Of the endpoints in the account, the following breakdown represents the various operating systems found:

Four hundred and thirty-four (434) endpoints were identified as running Windows XP or older, which is no longer supported by Microsoft and does not receive security updates. This may present a security risk to your environment if no compensating controls are in place.

ENCRYPTED DEVICES

Absolute validated the encryption status of each endpoint and found 1,226 devices have fully enabled encryption products as follows.

854 endpoints determined to have ‘Microsoft BitLocker’ full volume/disk encryption enabled.

340 endpoints determined to have ‘FileVault2’ full volume/disk encryption enabled.

22 endpoints determined to have ‘TrueCrypt’ full volume/disk encryption enabled.

10 endpoints determined to have ‘PGP Desktop’ full volume/disk encryption enabled.

[Charts: Encryption by Product; OS Platforms in Use]


NON-ENCRYPTED DEVICES

Absolute also found that the following have no detected encryption product, or the product detected is not enabled, and as such the devices are not encrypted.

1197 endpoints determined to have ‘Microsoft BitLocker’ but NOT Encrypted.

650 have ‘no encryption product detected’.

380 endpoints determined to have ‘FileVault2’ but NOT Encrypted.

106 endpoints determined to have ‘FileVault’ but NOT Encrypted.

101 endpoints determined to have ‘Trusted Drive Manager’ but NOT Encrypted.

10 endpoints determined to have ‘TrueCrypt’ but NOT Encrypted.

3 endpoints determined to have ‘PGP Desktop’ but NOT Encrypted.

1 endpoint determined to have ‘SecureDoc Disk Encryption’ but NOT Encrypted.

For the purpose of helping determine if sensitive material is stored on the endpoints missing encryption, the following is a selection of the 10 newest calling non-encrypted devices:

IDENTIFIER HOSTNAME USERNAME

87UD6H8FG8AA1XQO0063 CICUKN-JNJUY1 DuffH

87UD6H8FG8AA1XQO0127 STRI-L8DFRN1 striadmin

87UD6H8FG8AA1XQO0269 OMAIL-BURESS Omailstaff

87UD6H8FG8AA1XQO0296 NMNHL-RUSSELL123 Russell

87UD6H8FG8AA1XQO0307 TEST-PC test

87UD6H8FG8AA1XQO1893 SMITHROB-PC Smithrob

87UD6H8FG8AA1XQO2370 LOCKNESS Locknessj

87UD6H8FNJDAA10TI0115 ICLLKPBLEJULAPTOP Jane

87UD6H8FNJDAA10TI0167 NZP—LK80345 Manzelj

87UD6H8FBHAA1H3D0320 USER-PC User

[Chart: Not Encrypted]


ENDPOINT ANTI-MALWARE STATUS

Absolute validated the presence of an anti-malware product on each endpoint.

Of the 3,679 Absolute enabled devices assessed, 834 devices (23%) have no Anti-Virus or Anti-Malware product detected. Below is the breakdown of Anti-Virus/Anti-Malware software installed.

For the purpose of helping determine if sensitive material is stored on the endpoints missing AV, the following is a selection of the 10 newest calling devices missing AV:

IDENTIFIER HOSTNAME USERNAME

87UD6H8FG8AA1XQO0942 Charles’ MacBook Air Charles Erwin

87UD6H8FG8AA1XQO1276 Jason’s MacBook Air Jason Braid

87UD6H8FG8AA1XQO1403 Freda Matt

87UD6H8FG8AA1XQO2036 Robert’s MacBook Pro Robert Francis

87UD6H8FG8AA1XQO2143 Peter’s MacBook Pro (3) Peter Budar

87UD6H8FG8AA1XQO2310 xps13 skdpls

87UD6H8FG8AA1XQO2398 Debbie’s MacBook Pro Debbie

87UD6H8FG8AA1XQO2599 NMNH-L31859 Lana Condrite

87UD6H8FG1JDAA10TI0438 Kendallr Randy Kendall

87UD6H8FG1LAA3G0C0143 dadaf Ed Moss

[Chart: Detected AV by Product]


SCCM HEALTH

Absolute validated the presence of the SCCM Agent on each Windows endpoint.

Of the 2,735 Absolute enabled Windows devices assessed, only 925 were in good SCCM health. 66% have no SCCM agent or are in need of repair.

REMOTE ACCESS APPLICATIONS

The following is a list of common remote access applications we identified on the assessed endpoints. Other less common applications may also be present but are not shown here.

This indicates a possible vulnerability to your network if these types of applications are not permitted on your endpoints.

NAME NUMBER OF ENDPOINTS

TeamViewer 83

VNC Viewer 23

Start Listening VNC Viewer 12

Uninstall VNC Viewer 12

VNC Server 7

VNC Server (User Mode) 7

VNC Viewer Enterprise 6

Enter VNC Server License Key 5

Uninstall VNC Server 5

LogMeInIgnition 4

LogMeIn Client 4

Ammyy Admin 2

LogMeIn Hamachi Menubar 2

LogMeIn Hamachi 2

TigerVNC Viewer 1.3.0 2

TurboVNC Viewer 1

TeamViewerQS 1

TeamViewer 11 1

Support-LogMeInRescue-1 1

Support-LogMeInRescue 1

[Chart: SCCM Status]


CLOUD SHARING APPLICATIONS

The following popular cloud sharing applications were identified on the assessed endpoints. Other less common applications may also be present but are not shown here.

This indicates a possible data vulnerability to your organization.

NAME NUMBER OF ENDPOINTS

Dropbox 643

iCloud 82

iCloudWeb 82

SUGARSYNCMANAGER 17

ZipCloud 13

OneDrive 9

SldToolboxConfigure 8

Scan to Dropbox 7

Scan to SugarSync 7

ICLOUDSERVICES 6

iCloud Drive 4

Microsoft OneDrive 4

BoxSync 4

Smilebox 4

SugarSync Manager 4

PEER-TO-PEER APPLICATIONS

The following peer-to-peer applications were identified on the assessed endpoints. Other less common applications may also be present but are not shown here.

This represents a possible data vulnerability to your organization.

NAME NUMBER OF ENDPOINTS

Vuze 8

uTorrent 8

Pandora 6

Pandora Recovery 4

BitTorrent 4

LimeWire 3

µTorrent 2

LimeWire At Login 2

xfp2p 1

torrent 1

pandoc-data 1

pandoc 1

emule 1


CONCLUSIONS ABOUT ACCOUNT HEALTH

Based on the analysis conducted by Absolute, the following findings were made:

• Several endpoints were identified as running an unsupported version of Windows Operating Systems.

• Encryption is being disabled on your endpoints.

• Anti-Virus/Anti-Malware is missing on a large percentage of your endpoints.

• Several instances of remote control software were found and being used by your end-users.

• Two instances of peer-to-peer applications were found and being used by end-users.

• To remotely install and persist your critical applications (SCCM, BitLocker, McAfee, etc.) please see our Application Persistence solution.


ABOUT ABSOLUTE

Absolute set the new standard for endpoint visibility and control with self-healing endpoint security and always-connected IT asset management to protect devices, data, applications and users — on and off the network. Bridging the gap between security and IT operations, only Absolute gives enterprises visibility they can act on to protect every endpoint, remediate vulnerabilities, and ensure compliance in the face of insider and external threats. Absolute’s patented Persistence technology is already embedded in the firmware of more than one billion PC and mobile devices and trusted by over 12,000 customers worldwide.

Health-Check-Sample-Report-101518

EMAIL: [email protected]

PHONE: North America: 1-877-660-2289; EMEA: +44-118-902-2000

SALES: absolute.com/request-info

WEBSITE: absolute.com